Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 834 → Rev 835

/alcasar.sh
999,13 → 999,16
echo "cache_mem 256 MB" >> /etc/squid/squid.conf
echo "maximum_object_size_in_memory 4096 KB" >> /etc/squid/squid.conf
echo "maximum_object_size 4096 KB" >> /etc/squid/squid.conf
# anonymisation de la version de squid
# anonymisation of squid version
echo "via off" >> /etc/squid/squid.conf
# suppression de la primitive http 'X_forwarded'
# remove the 'X_forwarded' http option
echo "forwarded_for delete" >> /etc/squid/squid.conf
# pour éviter les message d'erreur lors des changement d'état des interfaces réseaux
# linked squid output in HAVP input
echo "cache_peer 127.0.0.1 parent 8090 0 no-query default" >> /etc/squid/squid.conf
echo "never_direct allow all" >> /etc/squid/squid.conf
# avoid error messages on network interfaces state changes
$SED "s?^SQUID_AUTO_RELOAD.*?SQUID_AUTO_RELOAD=no?g" /etc/sysconfig/squid
# Initialisation du cache de Squid
# Squid cache init
/usr/sbin/squid -z
} # End of param_squid ()
1024,8 → 1027,8
$SED "s?^language =.*?language = french?g" $DIR_DG/dansguardian.conf
# on limite l'écoute de Dansguardian côté LAN
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" $DIR_DG/dansguardian.conf
# on chaîne Dansguardian au proxy antivirus HAVP
$SED "s?^proxyport.*?proxyport = 8090?g" $DIR_DG/dansguardian.conf
# on chaîne Dansguardian au proxy cache SQUID
$SED "s?^proxyport.*?proxyport = 3128?g" $DIR_DG/dansguardian.conf
# on remplace la page d'interception (template)
cp -f $DIR_CONF/template.html /usr/share/dansguardian/languages/ukenglish/
cp -f $DIR_CONF/template-fr.html /usr/share/dansguardian/languages/french/template.html
1077,13 → 1080,13
# configuration d'HAVP
[ -e /etc/havp/havp.config.default ] || cp /etc/havp/havp.config /etc/havp/havp.config.default
$SED "/^REMOVETHISLINE/d" /etc/havp/havp.config
$SED "s?^# PARENTPROXY.*?PARENTPROXY 127.0.0.1?g" /etc/havp/havp.config # datas come from DG
$SED "s?^# PARENTPORT.*?PARENTPORT 3128?g" /etc/havp/havp.config # datas are send to squid (3128)
$SED "s?^# PORT.*?PORT 8090?g" /etc/havp/havp.config # datas come on 8090
$SED "s?^# BIND_ADDRESS.*?BIND_ADDRESS 127.0.0.1?g" /etc/havp/havp.config # we listen only on loopback
$SED "s?^ENABLECLAMLIB.*?ENABLECLAMLIB true?g" /etc/havp/havp.config # active libclamav AV
$SED "s?^# LOG_OKS.*?LOG_OKS false?g" /etc/havp/havp.config # log only when malware matches
$SED "s?^# SERVERNUMBER.*?SERVERNUMBER 10?g" /etc/havp/havp.config # 10 daemons are started simultaneously
$SED "s?^# SCANIMAGES.*?SCANIMAGES false?g" /etc/havp/havp.config # doesn't scan image files
$SED "s?^# SKIPMIME.*?SKIPMIME image\/\* video\/\* audio\/\*?g" /etc/havp/havp.config # doesn't scan some multimedia files
# remplacement du fichier d'initialisation
[ -e /etc/init.d/havp.default ] || cp /etc/init.d/havp /etc/init.d/havp.default
cp -f $DIR_CONF/havp-init /etc/init.d/havp
/scripts/alcasar-urpmi.sh
11,17 → 11,20
VERSION="2010.2"
ARCH="i586"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
PACKAGES="freeradius freeradius-mysql freeradius-ldap freeradius-web apache-mpm-prefork apache-mod_ssl apache-mod_php squid dansguardian postfix MySQL logwatch ntp awstats cdrecord buffer vim-enhanced bind-utils wget arpscan ulogd openssh-server php-xml php-ldap pam_ccreds rng-utils lsb-release dnsmasq sudo syslinux cronie-anacron pciutils clamav pm-fallback-policy "
PACKAGES="freeradius freeradius-mysql freeradius-ldap freeradius-web apache-mpm-prefork apache-mod_ssl apache-mod_php squid dansguardian postfix MySQL logwatch ntp awstats cdrecord buffer vim-enhanced bind-utils arpscan ulogd openssh-server php-xml php-ldap pam_ccreds rng-utils lsb-release dnsmasq sudo syslinux cronie-anacron pciutils clamav pm-fallback-policy "
 
rpm_repository_sync ()
{
echo ${!MIRRORLIST}
urpmi.removemedia -a
urpmi.addmedia --wget --probe-synthesis --mirrorlist ${!MIRRORLIST} main /media/main/release
urpmi.addmedia --wget --update --probe-synthesis --mirrorlist ${!MIRRORLIST} main_updates /media/main/updates
urpmi.addmedia --wget --probe-synthesis --mirrorlist ${!MIRRORLIST} contrib /media/contrib/release
urpmi.addmedia --wget --update --probe-synthesis --mirrorlist ${!MIRRORLIST} contrib_updates /media/contrib/updates
cat <<EOF > /etc/urpmi/urpmi.cfg
{
downloader: wget
}
EOF
urpmi.addmedia --probe-synthesis --mirrorlist ${!MIRRORLIST} main /media/main/release
urpmi.addmedia --update --probe-synthesis --mirrorlist ${!MIRRORLIST} main_updates /media/main/updates
urpmi.addmedia --probe-synthesis --mirrorlist ${!MIRRORLIST} contrib /media/contrib/release
urpmi.addmedia --update --probe-synthesis --mirrorlist ${!MIRRORLIST} contrib_updates /media/contrib/updates
}
 
rpm_error ()
{
107,7 → 110,7
echo "Updated RPM download. Please wait ..."
echo "Il est temps d'aller prendre un café :-) "
echo "You should now take a Beer ;-) "
urpmi --downloader wget --auto --auto-update --quiet --test --retry 2
urpmi --auto --auto-update --quiet --test --retry 2
if [ "$?" != "0" ]
then
echo
131,7 → 134,7
# Download of ALCASAR specifics RPM in cache (and test)
echo "Récupération des paquetages complémentaires. Veuillez patienter ..."
echo "Download of complementary packages. Please wait ..."
urpmi --downloader wget --auto $PACKAGES --quiet --test --retry 2
urpmi --auto $PACKAGES --quiet --test --retry 2
if [ "$?" != "0" ]
then
echo
/scripts/sbin/alcasar-havp.sh
2,7 → 2,7
# $Id$
 
# alcasar-havp.sh
# by Richard REY
# by Rexy
# This script is distributed under the Gnu General Public License (GPL)
 
# Activation / désactivation antivirus de flux WEB (Havp + LibClamav)
11,15 → 11,17
CONF_FILE="/usr/local/etc/alcasar.conf"
SED="/bin/sed -i"
function av_disable (){
$SED "s/^proxyport =.*/proxyport = 3128/g" /etc/dansguardian/dansguardian.conf
$SED "s/^cache_peer.*/#cache_peer 127\.0\.0\.1 parent 8090 0 no-query default/g" /etc/squid/squid.conf
$SED "s/^never_direct.*/#never_direct allow all/g" /etc/squid/squid.conf
$SED "s/^WEB_ANTIVIRUS=.*/WEB_ANTIVIRUS=off/g" /usr/local/etc/alcasar.conf
service dansguardian reload
service squid reload
service havp stop
}
function av_enable (){
$SED "s/^proxyport =.*/proxyport = 8090/g" /etc/dansguardian/dansguardian.conf
$SED "s/^#cache_peer.*/cache_peer 127\.0\.0\.1 parent 8090 0 no-query default/g" /etc/squid/squid.conf
$SED "s/^#never_direct.*/never_direct allow all/g" /etc/squid/squid.conf
$SED "s/^WEB_ANTIVIRUS=.*/WEB_ANTIVIRUS=on/g" /usr/local/etc/alcasar.conf
service dansguardian reload
service squid reload
service havp start
}
usage="Usage: alcasar-havp.sh {--on or -on} | {--off or -off} | {--update or -update}"
27,7 → 29,7
args=$1
if [ $nb_args -eq 0 ]
then
AV_FILTERING=`grep WEB_ANTIVIRUS $CONF_FILE|cut -d"=" -f2` # DNS and URLs filter (on/off)
AV_FILTERING=`grep WEB_ANTIVIRUS $CONF_FILE|cut -d"=" -f2` # WEB-antivir (on/off)
AV_FILTERING=${AV_FILTERING:=on}
echo "Set antivirus Filtering to $AV_FILTERING"
if [ $AV_FILTERING = on ]; then
/web/acc/phpsysinfo/includes/xml/portail.php
117,7 → 117,7
if (filtrageTest("/etc/dansguardian/dansguardian.conf","/^reportinglevel = 3/")){
$web_filter_status = $text['enable'];}
else { $web_filter_status = $text['disable'];}
if (filtrageTest("/etc/dansguardian/dansguardian.conf","/^proxyport = 8090/")){
if (filtrageTest("/usr/local/etc/alcasar.conf","/^WEB_ANTIVIRUS=on/")){
$web_antivir_status = $text['enable'];}
else { $web_antivir_status = $text['disable'];}
if ((filtrageTest("/var/www/html/index.php","/network_pb = False/")) && (internetTest($INSTALLEDVERSION))){